PT-2026-36797 · Apache+2 · Apache Http Server+2

Y7Syeu

Published

2025-12-10

Updated

2026-06-08

CVE-2026-24072

CVSS v2.0

9.0

High

Vector

AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Apache HTTP versions prior to 2.4.67

Description An escalation of privilege bug exists in various modules, including mod rewrite via ap expr, which allows local .htaccess authors to read files using the privileges of the httpd user.

Recommendations Upgrade to version 2.4.67.

Fix

DoS

LPE

Improper Privilege Management

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-269

Related Identifiers

BDU:2026-06354

BIT-APACHE-2026-24072

CVE-2026-24072

OESA-2026-2316

OESA-2026-2318

OESA-2026-2319

OESA-2026-2320

OESA-2026-2401

OPENSUSE-SU-2026:10785-1

RHSA-2026:13938

USN-8239-1

USN-8396-1

Affected Products

Apache Http Server

Linuxmint

Ubuntu

PT-2026-36797 · Apache+2 · Apache Http Server+2

CVE-2026-24072

Weakness Enumeration

Related Identifiers

Affected Products

References · 75